AWS access control policy condition that allows an access control statement
to be conditionally applied based on the comparison of an Amazon Resource
Name (ARN).

An Amazon Resource Name (ARN) takes the following format:
arn:aws:<vendor>:<region>:<namespace>:<relative-id>

vendor identifies the AWS product (e.g., sns)

region is the AWS Region the resource resides in (e.g., us-east-1), if
any

namespace is the AWS account ID with no hyphens (e.g., 123456789012)

relative-id is the service specific portion that identifies the specific
resource

For example, an Amazon SQS queue might be addressed with the following ARN:
arn:aws:sqs:us-east-1:987654321000:MyQueue

Currently the only valid condition key to use in an ARN condition is
ConditionFactory.SOURCE_ARN_CONDITION_KEY, which indicates the
source resource that is modifying another resource, for example, an SNS topic
is the source ARN when publishing messages from the topic to an SQS queue.

Loose case-insensitive matching of the ARN. Each of the six
colon-delimited components of the ARN is checked separately and each
can include a multi-character match wildcard (*) or a
single-character match wildcard (?).